将 outprops 对象传递给它时,未设置 Ws-security 属性
Ws-security properties are not set when the outprops object is passed to it
我正在尝试使用 cxf 连接到服务器,并且能够通过 SOAP ui 完成此操作,但是在尝试通过我正在编写的 java 程序进行连接时出现错误。
String WSU_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
String SOAP_NS = "http://www.w3.org/2003/05/soap-envelope";
String WSS_EXT_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
String uri = "someURI";
String serviceName = "someServiceName";
String urlWSDL = "someUrlWsdl";
QName PORT_NAME = new QName(uri, serviceName);
URL url = new URL(urlWSDL);
AdminService service = new AdminService(url, PORT_NAME);
AdministrationSEI port = service.getAdminServicePort();
Client client = ClientProxy.getClient(port);
Map<String, Object> outProps = new HashMap<String, Object>();
outProps.put(WSHandlerConstants.ACTION, "Timestamp Signature");
outProps.put(WSHandlerConstants.USER, "someusername");
outProps.put(WSHandlerConstants.SIG_PROP_FILE, "resources/clientKeyStore.properties");
outProps.put(WSHandlerConstants.SIG_KEY_ID, "DirectReference");
outProps.put(WSHandlerConstants.PW_CALLBACK_CLASS, "com.java.UTPasswordCallback");
outProps.put(WSHandlerConstants.SIGNATURE_PARTS,
"{Content}{" + WSU_NS + "}Timestamp;"
+ "{Content}{" + SOAP_NS + "}Body;"
+ "{Content}{" + WSS_EXT_NS + "}BinarySecurityToken;");
WSS4JOutInterceptor wssOut = new WSS4JOutInterceptor(outProps);
client.getOutInterceptors().add(wssOut);
HTTPConduit http = (HTTPConduit) client.getConduit();
HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy();
httpClientPolicy.setConnectionTimeout(30000);
httpClientPolicy.setReceiveTimeout(7200000);
http.setClient(httpClientPolicy);
GetStatusType test = new GetStatusType();
test.setRequestID(requestID);
GetStatusResponseType response = port.getStatus(test);
我做错了什么?我已经看到很多这样的例子,outProps 是通过这种方式添加到客户端的。
我已经尝试直接在客户端中设置用户名,它让我克服了错误,但没有正确创建 soap 信封。
谢谢!
问题是您混淆了在 CXF 中配置 WS-Security 的 "manual" 方法 - 通过添加 WSS4JOutInterceptor 和策略驱动方法。当您在 WSDL 中有一个 WS-SecurityPolicy 时,后者适用——这里就是这种情况,因为堆栈跟踪引用了自动添加的 PolicyBasedWSS4JOutInterceptor。因此对于策略方法,您不添加任何拦截器,而是添加一些配置安全运行时所需的 JAX-WS 属性。请参阅此处了解更多信息:
http://cxf.apache.org/docs/ws-securitypolicy.html
冷
我正在尝试使用 cxf 连接到服务器,并且能够通过 SOAP ui 完成此操作,但是在尝试通过我正在编写的 java 程序进行连接时出现错误。
String WSU_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
String SOAP_NS = "http://www.w3.org/2003/05/soap-envelope";
String WSS_EXT_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
String uri = "someURI";
String serviceName = "someServiceName";
String urlWSDL = "someUrlWsdl";
QName PORT_NAME = new QName(uri, serviceName);
URL url = new URL(urlWSDL);
AdminService service = new AdminService(url, PORT_NAME);
AdministrationSEI port = service.getAdminServicePort();
Client client = ClientProxy.getClient(port);
Map<String, Object> outProps = new HashMap<String, Object>();
outProps.put(WSHandlerConstants.ACTION, "Timestamp Signature");
outProps.put(WSHandlerConstants.USER, "someusername");
outProps.put(WSHandlerConstants.SIG_PROP_FILE, "resources/clientKeyStore.properties");
outProps.put(WSHandlerConstants.SIG_KEY_ID, "DirectReference");
outProps.put(WSHandlerConstants.PW_CALLBACK_CLASS, "com.java.UTPasswordCallback");
outProps.put(WSHandlerConstants.SIGNATURE_PARTS,
"{Content}{" + WSU_NS + "}Timestamp;"
+ "{Content}{" + SOAP_NS + "}Body;"
+ "{Content}{" + WSS_EXT_NS + "}BinarySecurityToken;");
WSS4JOutInterceptor wssOut = new WSS4JOutInterceptor(outProps);
client.getOutInterceptors().add(wssOut);
HTTPConduit http = (HTTPConduit) client.getConduit();
HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy();
httpClientPolicy.setConnectionTimeout(30000);
httpClientPolicy.setReceiveTimeout(7200000);
http.setClient(httpClientPolicy);
GetStatusType test = new GetStatusType();
test.setRequestID(requestID);
GetStatusResponseType response = port.getStatus(test);
我做错了什么?我已经看到很多这样的例子,outProps 是通过这种方式添加到客户端的。
我已经尝试直接在客户端中设置用户名,它让我克服了错误,但没有正确创建 soap 信封。
谢谢!
问题是您混淆了在 CXF 中配置 WS-Security 的 "manual" 方法 - 通过添加 WSS4JOutInterceptor 和策略驱动方法。当您在 WSDL 中有一个 WS-SecurityPolicy 时,后者适用——这里就是这种情况,因为堆栈跟踪引用了自动添加的 PolicyBasedWSS4JOutInterceptor。因此对于策略方法,您不添加任何拦截器,而是添加一些配置安全运行时所需的 JAX-WS 属性。请参阅此处了解更多信息:
http://cxf.apache.org/docs/ws-securitypolicy.html
冷